LEGAL · PRIVACY

Privacy policy

We collect and process the minimum data needed to operate SleeveFolio.

1. What we collect

Identity data from Auth.js (Google, GitHub, or email). Encrypted broker keys you supply. Trading state your strategies generate (orders, fills, positions, signals). Billing metadata from Stripe.

2. Sub-processors

Stripe (billing), Resend (email), Vercel (hosting + analytics), Sentry (errors), Inngest (jobs). Each receives only what their function requires.

3. Encryption + retention

Broker keys are AES-256-GCM encrypted at rest. Audit logs are partitioned per user and retained per tier — Free 30d, Pro 1y, Team 7y. Delete-account erases all your rows and revokes connected broker keys; audit slice is archived for the tier retention window then hard-deleted.

4. Your rights

Export your audit log as JSONL from Settings. Delete your account any time (Settings → Account → Delete account, email type-to-confirm).

Effective upon account creation and your continued use of SleeveFolio.